
CVE-2022-25638

Published: 24 February 2022

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package: wolfssl (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Needs triage
focal      Needs triage
impish     Ignored (reached end-of-life)
jammy      Needs triage
trusty     Ignored (out of standard support)
upstream   Released (5.2.0-1)
xenial     Ignored (out of standard support)